AWS EC2 Connection closed by when trying ssh into instance

Recently I set up a new EC2 instance. The next day I was not able to connect to my instance via ssh. I could connect and disconnect the day before, I am sure I did nothing. Here is ssh debug info:

ssh -i webserver.pem -v ubuntu@my.elastic.ip
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to my.elastic.ip [my.elastic.ip] port 22.
debug1: Connection established.
debug1: identity file webserver.pem type -1
debug1: identity file webserver.pem-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
Connection closed by my.elastic.ip

Is there a way to resolve this issue? Or shall I reinstall my instance again?

PS rights to my .pem are set to 600.

64454 次浏览

(1) Please check when you execute the ssh command, are you in the same folder where you put your pem key. Else you should use "ssh -i /your_key_path /mykey.pem".

(2) If that doesn't help. I think you could create another key and set your EC2 instance through AWS webpage. Then try again.

Check your security group. Make sure that you have an outbound rule that allows traffic to return from the instance.

With the default outbound rule

type: All traffic, Protocol: All, Ports: All, Destination: 0.0.0.0/0

it will work.

I had this problem and it turned out the PEM file was incorrect. You can check following the instructions in Amazon EC2 Key Pairs - Verifying Your Key Pair's Fingerprint:

If you created your key pair using AWS, you can use the OpenSSL tools to generate a fingerprint from the private key file:

$ openssl pkcs8 -in path_to_private_key -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c

If you created your key pair using a third-party tool and uploaded the public key to AWS, you can use the OpenSSL tools to generate a fingerprint from the private key file on your local machine:

$ openssl rsa -in path_to_private_key -pubout -outform DER | openssl md5 -c

The output should match the fingerprint that's displayed in the console.

My problem was that the username was incorrect. On ubuntu instances it should be "ubuntu" and on amazon instances it should be "ec2-user".

I had the same issue, Its the problem of the permissions you give to pem private key file. Make sure you run ssh command in the terminal with the sudo (Administrative) Access.

Often times, you should use the default user name for the AMI that you used to launch your instance:

  • For Amazon Linux 2 or the Amazon Linux AMI, the user name is
    ec2-user.

  • For a CentOS AMI, the user name is centos.

  • For a Debian AMI, the user name is admin or root.

  • For a Fedora AMI, the user name is ec2-user or fedora.

  • For a RHEL AMI, the user name is ec2-user or root.

  • For a SUSE AMI, the user name is ec2-user or root.

  • For an Ubuntu AMI, the user name is ubuntu.

    Otherwise, if ec2-user and root don't work, check with the AMI provider.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-get-info-about-instance

I have the same issue but i fixed it by "restarting" the EC2. Note that restarting EC2 does not change its IP address but stopping and starting it again does change it.

It was an easy fix but make sure you can bear the small downtime. In my case website stopped working suddenly.

Please check your username. if you are using ubuntu instance try using "ubuntu" in username instead of "ec2-user", and vice-versa

Solved this issue by creating a new private key file/pair.

The problem arose while I wanted to reuse an existing key a few days after its creation. Then, just use the commands provided here

I had this problem with an ubuntu vm, so:

  1. the security groups with 22/tcp access was ok
  2. the user name is ubuntu, ok
  3. accessed using the pem key and
  4. /var/log/auth.log was showing the session end in the preauth stage (not ok)
  5. Noticed there's a missing package: ec2-instance-connect (ref: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-connect-troubleshooting/) (not ok)
  6. sudo apt install ec2-instance-connect

After that, got access through instance connect

I had this problem when using EC2 instance connect. I finally could connect after downgrading my Ubuntu version from 22 to 20.